svn commit: samba r17526 - in branches/SAMBA_4_0/source: dsdb/samdb/ldb_modules lib/ldb/modules setup

Andrew Bartlett abartlet at
Mon Aug 14 06:57:53 GMT 2006

On Mon, 2006-08-14 at 02:02 -0400, simo wrote:
> Andrew,
> I do not think this is the right way to do what you aim for.
> I'd like you to revert the change and instead build a module, to be used
> with the ldap backend, that will remove or change these attributes. This
> will make it work even if someone sets them by hands with an explicit
> add/modify operation and will leave the rest of code simpler (as it is
> now).

Any add/modify attempting to set these should fail.  We have a special
case in the provision at the moment, where we want to be able to set a
deterministic domain and host GUID, but strictly speaking, it should

> I may integrate the operational/objectguid functionality in the schema
> module later on, so you would need to change this code anyway.

As I explained on IRC, I'm just trying to get this as close to the
database as possible, so that these backends can choose how to implement
it.  The LDAP mapping module chooses to implement this onto the
entryUUID field (and standard ldap timestamps), while the objectGUID
module sets values into the database.

I could write a filter, using ldb_map, then let the backend handle it,
but I fear creating objectGUID values, then filtering them out.  Other
modules might read a value that will never hit the disk.  (The
local_password module currently needs reworking to avoid just this
issue.  But at least now it will clearly fail, not silently fail).

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
Samba Developer, Red Hat Inc.        
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url :

More information about the samba-technical mailing list